Kubernetes Service Types
This document explains the different Kubernetes Service types, their purpose, and how to use them on an E2E Kubernetes Cluster.
1. ClusterIP Service
What is ClusterIP?
ClusterIP is the default Kubernetes Service type. It exposes an application only inside the Kubernetes cluster.
The service is assigned a stable internal IP address and DNS name, which other services within the cluster can use to communicate.
Why Use ClusterIP?
- Enables internal communication between services
- Prevents external access to Pods
- Provides service discovery using Kubernetes DNS
- Recommended for backend and internal APIs
When to Use ClusterIP?
Use ClusterIP when:
- A frontend service communicates with a backend service
- Microservices need internal communication
- The application should not be exposed publicly
Example: ClusterIP Service
apiVersion: v1
kind: Service
metadata:
name: backend-clusterip
spec:
type: ClusterIP
selector:
app: backend
ports:
- port: 80
targetPort: 80
Apply the manifest:
kubectl apply -f cluster-ip.yaml
Verify the service:
kubectl get svc
Access from within the cluster:
http://backend-clusterip
2. NodePort Service
What is NodePort?
NodePort exposes a service on a static port on every worker node.
Traffic sent to <Node-IP>:<NodePort> is forwarded to the service and then routed to the backend Pods.
Why Use NodePort?
- Provides simple external access without a load balancer
- Useful for testing and debugging
- Works in environments without cloud load balancers
When to Use NodePort?
Use NodePort when:
- Quick external access is required
- Testing or troubleshooting applications
- Production-grade load balancing is not required
Note: NodePort is not recommended for production workloads.
Example: NodePort Service
apiVersion: v1
kind: Service
metadata:
name: web-nodeport
spec:
type: NodePort
selector:
app: web
ports:
- port: 80
targetPort: 80
nodePort: 30080
Apply the manifest:
kubectl apply -f node-port.yaml
Verify the service:
kubectl get svc
Note: E2E Kubernetes worker nodes do not have public IP addresses by default. NodePort access is typically not available.
3. LoadBalancer Service
What is LoadBalancer?
LoadBalancer exposes an application using a cloud-managed load balancer.
On E2E Kubernetes, this automatically:
- Provisions a cloud load balancer
- Assigns a public IP address
- Routes traffic to healthy Pods
Why Use a LoadBalancer?
- Production-ready external access
- Automatic traffic distribution
- High availability
- Integrates with cloud networking and firewall rules
When to Use a LoadBalancer?
Use LoadBalancer when:
- The application must be accessible from the internet
- Running production workloads
- A stable public IP address is required
Example: LoadBalancer Service
apiVersion: v1
kind: Service
metadata:
name: web-loadbalancer
spec:
type: LoadBalancer
selector:
app: frontendapp
ports:
- port: 80
targetPort: 80
Apply the manifest:
kubectl apply -f loadbalancer.yaml
Check the assigned external IP:
kubectl get svc
Assigning an External IP for LoadBalancer Service on E2E Kubernetes
After creating a LoadBalancer type Service, the EXTERNAL-IP may remain in the Pending state. On E2E Kubernetes, the external IP must be manually assigned from the E2E Dashboard.
Steps to Assign LoadBalancer IP from E2E Dashboard
- Log in to the E2E Cloud Dashboard.
- Navigate to Kubernetes and select your cluster.
- Open the LB-IP-Pool section.
- Click on Reserve New Service IP.
- Select an available IP address.
- Click Attach IP to associate the IP with the cluster.
Once attached, the selected IP is automatically assigned to the LoadBalancer type Service.
Important Notes
- Each LoadBalancer Service requires one dedicated IP address.
- If you have multiple LoadBalancer Services, you must:
- Reserve a separate IP for each Service
- Attach each IP individually to the cluster
Verify External IP Assignment
Run the following command:
kubectl get svc
The EXTERNAL-IP field should now display the assigned IP address.
Access the Application
http://<External-IP>
This behavior ensures controlled and secure IP allocation for LoadBalancer Services on E2E Kubernetes.
Why LoadBalancer Alone Is Not Sufficient
A LoadBalancer Service:
- Exposes one service per public IP address
- Supports basic TCP and HTTP traffic forwarding
- Does not provide advanced routing capabilities
Limitations of Using Only LoadBalancer
- No support for host-based or path-based routing
- No centralized TLS certificate management
- No advanced traffic control such as canary deployments, blue-green deployments, or rate limiting
For these reasons, a LoadBalancer Service is typically used as a foundation for external connectivity, rather than a complete traffic management solution.
For more reference, see the Kubernetes Services documentation.
Next Steps: Ingress and Gateway API
In the next sections, explore NGINX Ingress Controller and Kubernetes Gateway API, which build on top of the LoadBalancer and provide advanced routing, TLS termination, and traffic management capabilities for applications running on E2E Kubernetes.